New Ultrasound Attack Can Secretly Hijack Phones and Smart Speakers (theregister.com) 49
Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently and remotely access smart phones and home devices. The Register reports: The research team -- Guenevere Chen, an associate professor at the University of Texas at San Antonio, her doctoral student Qi Xia, and Shouhuai Xu, a professor at the University of Colorado Colorado Springs -- found Apple's Siri, Google's Assistant, Microsoft's Cortana, and Amazon's Alexa are all vulnerable to NUIT attacks, albeit to different degrees. In an interview with The Register this month, Chen and Xia demonstrated two separate NUIT attacks: NUIT-1, which emits sounds to exploit a victim's smart speaker to attack the same victim's microphone and voice assistant on the same device, and NUIT-2, which exploits a victim's speaker to attack the same victim's microphone and voice assistant on a different device. Ideally, for the attacker, these sounds should be inaudible to humans.
The attacks work by modulating voice commands into near-ultrasound inaudible signals so that humans can't hear them but the voice assistant will still respond to them. These signals are then embedded into a carrier, such as an app or YouTube video. When a vulnerable device picks up the carrier, it ends up obeying the hidden embedded commands. Attackers can use social engineering to trick the victim into playing the sound clip, Xia explained. "And once the victim plays this clip, voluntarily or involuntarily, the attacker can manipulate your Siri to do something, for example, open your door."
For NUIT-1 attacks, using Siri, the answer is yes. The boffins found they could control an iPhone's volume so that a silent instruction to Siri generates an inaudible response. The other three voice assistants -- Google's, Cortana, and Alexa -- are still susceptible to the attacks, but for NUIT-1, the technique can't silence devices' response so the victim may notice shenanigans are afoot. It's also worth noting that the length of malicious commands must be below 77 milliseconds -- that's the average reaction time for the four voice assistants across multiple devices.
In a NUIT-2 attack, the attacker exploits the speaker on one device to attack the microphone and associated voice assistant of a second device. These attacks aren't limited by the 77-millisecond window and thus give the attacker a broader range of possible action commands. An attacker could use this scenario during Zooms meeting, for example: if an attendee unmutes themself, and their phone is placed next to their computer, an attacker could use an embedded attack signal to attack that attendees phone. The researchers will publish their research and demonstrate the NUIT attacks at the USENIX Security Symposium in August.
The attacks work by modulating voice commands into near-ultrasound inaudible signals so that humans can't hear them but the voice assistant will still respond to them. These signals are then embedded into a carrier, such as an app or YouTube video. When a vulnerable device picks up the carrier, it ends up obeying the hidden embedded commands. Attackers can use social engineering to trick the victim into playing the sound clip, Xia explained. "And once the victim plays this clip, voluntarily or involuntarily, the attacker can manipulate your Siri to do something, for example, open your door."
For NUIT-1 attacks, using Siri, the answer is yes. The boffins found they could control an iPhone's volume so that a silent instruction to Siri generates an inaudible response. The other three voice assistants -- Google's, Cortana, and Alexa -- are still susceptible to the attacks, but for NUIT-1, the technique can't silence devices' response so the victim may notice shenanigans are afoot. It's also worth noting that the length of malicious commands must be below 77 milliseconds -- that's the average reaction time for the four voice assistants across multiple devices.
In a NUIT-2 attack, the attacker exploits the speaker on one device to attack the microphone and associated voice assistant of a second device. These attacks aren't limited by the 77-millisecond window and thus give the attacker a broader range of possible action commands. An attacker could use this scenario during Zooms meeting, for example: if an attendee unmutes themself, and their phone is placed next to their computer, an attacker could use an embedded attack signal to attack that attendees phone. The researchers will publish their research and demonstrate the NUIT attacks at the USENIX Security Symposium in August.
Burning more karma... (Score:3, Funny)
... just to say I TOLD YOU SO!
Re: (Score:3)
Re: (Score:2)
I love a good Rickyism
Re:Burning more karma... (Score:4, Insightful)
I do remember some long past event where MicroShit demonstrated voice commands. Apparently somebody in the audience screamed something about "deltree" and that was the end of the demo. People are generally stupid. Most get it after having made the same dumb mistake a number of times, some not even then.
Re: (Score:2)
That's actually just an old joke. There's no evidence that it ever actually happened. There are a number of reasons why it was never actually possible. Congratulations are due to Apple, etc. for creating a world in which something like that _is_ possible though.
Re: (Score:3)
ITYM "Dear aunt, let's set so double the killer delete select all." [youtube.com]...
Re: (Score:2)
My question is, who is automating their door locks with these devices?
Other than opening a door, what's the worst that can happen?
Re: (Score:1)
It could order you 100 smurfberries, for example.
Re: (Score:2)
What's the motivation behind that though? Just to be a troll? Not even a good troll at that because where's the payoff? You never get to see the person's rage, you just have to assume that you pissed someone off. If it happened to me, I could just return the smurfberries and be mildly inconvenienced.
Seems like there are much better ways to annoy someone.
Filter (Score:4, Interesting)
Make it so the device does not respond to sounds above or below a certain frequency.
I don't know how many people in the world have higher than chipmunk voices, but the fact that Siri can respond to people who speak in ultrasound is rather intriguing.
Re: (Score:2)
... fact that Siri can respond to people who speak in ultrasound is rather intriguing.
I believe it's on purpose - it's the same with other "smart" speakers, this way they can communicate without established connection, even vaguely remember there was something about it on /..
AFAIR some other sonic phone vulnerability was discovered, reported and discussed here as well.
Re: (Score:2)
I tried it a little and found it to be more of a PITA than a help. It always seemed to pop up when I was trying to do something else.
Re:Filter (Score:5, Insightful)
EG, a 30KHz and 31KHz tone (ultrasonic) are broadcast. The mic and ampllifier have some nonlinearity so you get F1+F2 an F1-F2 out. that gives you 61 KHz(ignore) and 1 KHz, which is in the normal audio band and is processed.
The human ear will do similar things, but likely by choosing the right frequencies, you can have the effect be larger in the electronics than in the ear
Re: (Score:1)
Re: (Score:2)
think tones A and B. nonlinearity means out = A + B + A^2 + B^2 + A *B +
Re: (Score:1)
Re: (Score:3)
There are things called parametric speakers, which are ultrasound speakers but due to non-linear effects can modulate down to the audio band.
Because they are high frequency audio, they are incredibly directional - you can literally aim sound at a person and they will hear audio, but the person sitting beside them won't hear a thing. It's a freaky effect and it's used b
Uhm, no, that's most likely not what they did (Score:3)
Those attacks typically use an ultrasonic sound modulated with the information you want to convey. Microphones always have some level of non-linearity. This demodulated the ultrasound and makes it appear just like regular sound. If you want to filter, you have to do this acoustically which is hard to do.
Re: (Score:3)
Re: (Score:2)
Oh wait
Old story (Score:3, Insightful)
Re: (Score:1)
There was also another one in 2019 where people were doing the same thing using lasers so this is nothing new
Re: Old story (Score:3)
"There was also another one in 2019 where people were doing the same thing using lasers so this is nothing new"
If you are talking about bouncing lasers off of glass to pick up sound vibrations on the glass for spying purposes, this is something very different and much more of a threat in the average day to day world.
Re: Old story (Score:4, Insightful)
Clarifying edit:
If you are talking about bouncing lasers off of glass to pick up sound vibrations on the glass for spying purposes, the ultrasonic hacking mentioned in TFA is something very different and much more of a threat in the average day to day world.
Most people won't be targets for laser based espionage which requires a spy to be physically nearby to set up the equipment. But most people will be targets for ultrasound based hacks with their "smart" devices with the bad actors not needing to go anywhere to affect people worldwide.
Re: (Score:3)
No, this was a bit different. The laser was aimed at the microphone (possibly from outside though a window) and used to vibrate the mic sending an audio signal. They didn't even need a pricy laser to do it.
https://www.wired.com/story/la... [wired.com]
Re: Old story (Score:2)
This is a POC to send commands to an Amazon echo type device.
What I mentioned was something I read years ago used to listen to conversations in a room. If I am remembering the details correctly, an infared laser would be pointed at a reflective object, could be a window pane, and sounds in the room would cause the object to vibrate ever so slightly which in turn causes the beam to shift back and forth as it's returning to a light sensor in the spy's equipment. These very minute beam shifts would the
Re: (Score:1)
There was also another one in 2019 where people were doing the same thing using lasers so this is nothing new
but were they Jewish lasers from space though? that's the only one that works. at least according to marjorie taylor green.
Compression Kills This (Score:2)
They mention a number of vectors that likely won't work, such as YouTube, Zoom, or phones. All of those do either compression or filtering, so it's unlikely the malicious ultrasonic voice command would get through. Modern audio compression is designed specifically to sound the same to people, so anything outside of human hearing is not likely to be preserved.
And as others have said, this is all eliminated by a firmware update that filters out ultrasonic frequencies. And this is a case where the smart dev
Re:Compression Kills This (Score:4, Informative)
> Modern audio compression is designed specifically to sound the same to people, so anything outside of human hearing is not likely to be preserved.
People playing along at home can search for "psychoacoustic masking" and "subband coding".
These were fun new topics in the early 90's (for me as an undergrad, anyway).
FWIW an mp4 link could have a lossless codec track embedded at a reasonable data-rate, but that's not certainly not YouTube.
Re: Compression Kills This (Score:3)
You have to catch this high frequency stuff before the A/D stage. Because that's where the frequency ailiasing occurs. Read up on th r Nyquist-Shannon sampling theorem.
These voice assistants should not be picking up ultrasound. Or if that's a part of their specification, then the analog stage needs to be designed properly, the A/D sampling rate needs to be MUCH higher and the upper frequency signals need to be processed through something other than the voice software.
Re: Compression Kills This (Score:2)
Proper design costs - I'd guess that the "it'll do" mantra applies so as not to cut into the profit margin?
So an air gap is no longer the best security (Score:3)
From now on it has to be a VACUUM GAP. Locate your backup server on the Moon. After closing your company's books each year, send an accountant with an external SSD up on SpaceX to update the archive.
Re: (Score:2)
From now on it has to be a VACUUM GAP. Locate your backup server on the Moon. After closing your company's books each year, send an accountant with an external SSD up on SpaceX to update the archive.
Elon Musk: The moon is not far enough. Get your accountant's ass to Mars!
Re: So an air gap is no longer the best security (Score:2)
Unplug the microphone from your server (why does it have one connected in the first place?) and no ultrasonic hacks will work.
Re: (Score:2)
Unplug the microphone from your server (why does it have one connected in the first place?) and no ultrasonic hacks will work.
Though given this is a story about smartphones, that may be neither relevant nor practical
Re: (Score:2)
Attacks do not happen at the server. They happen at the PCs of people who administer the server.
Filter (Score:3)
A simple digital filter at say 5khz will allow all normal voice commands and block any higher none audible frequencies, surprising this is not done as standard.
Re: (Score:2)
That "simple digital filter" will at the very least cost an engineer-hour to put in! That is $200 not going into the CEO bonus! Cannot have that.
Fake news (Score:3)
Everyone knows Siri doesn’t respond to commands.
Re: Fake news (Score:2)
I'm sure it will respond fine to the ultrasonic commands. (Murphy's law)
Re: (Score:2)
It works over the phone too... (Score:1)
I've been hacked over the phone with semi-audible noise.
There is no reason for the sound drivers to be in the networking stack, MICROSOFT! But the sound drivers ARE in the networking stack because MICROSOFT wants us to get hacked.
or just use the brown noise to get some to drop th (Score:2)
or just use the brown noise to get some to drop there phone before they can lock it
Can it fake drunk calls to your ex? (Score:2)
Because if so, a lot of people now have an out, lol.
Alexa's already half-way there (Score:1)
Think dogs hear it? (Score:1)
But the Convenience! (Score:1)